CERT and SIG payload. fix IPsec-AH transform value. (from KAME)

diff --git a/print-isakmp.c b/print-isakmp.c
index 5f4abc00aa1e5dda5b2c0b4abdccf26cf73de1ec..34375d98aa5f5b582d20d9b10f3307015c15ec2c 100644 (file)
--- a/print-isakmp.c
+++ b/print-isakmp.c
@@ -30,7 +30,7 @@
 
 #ifndef lint
 static const char rcsid[] =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-isakmp.c,v 1.10 2000-01-17 06:24:25 itojun Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/tcpdump/print-isakmp.c,v 1.11 2000-04-24 12:49:11 itojun Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -86,6 +86,10 @@ static u_char *isakmp_ke_print __P((struct isakmp_gen *, u_char *, u_int32_t,
        u_int32_t, u_int32_t));
 static u_char *isakmp_id_print __P((struct isakmp_gen *, u_char *, u_int32_t,
        u_int32_t, u_int32_t));
+static u_char *isakmp_cert_print __P((struct isakmp_gen *, u_char *, u_int32_t,
+       u_int32_t, u_int32_t));
+static u_char *isakmp_sig_print __P((struct isakmp_gen *, u_char *, u_int32_t,
+       u_int32_t, u_int32_t));
 static u_char *isakmp_hash_print __P((struct isakmp_gen *, u_char *,
        u_int32_t, u_int32_t, u_int32_t));
 static u_char *isakmp_nonce_print __P((struct isakmp_gen *, u_char *,
@@ -130,10 +134,10 @@ static u_char *(*npfunc[]) __P((struct isakmp_gen *, u_char *, u_int32_t,
        isakmp_t_print,
        isakmp_ke_print,
        isakmp_id_print,
-       NULL,
-       NULL,
+       isakmp_cert_print,
+       isakmp_cert_print,
        isakmp_hash_print,
-       NULL,
+       isakmp_sig_print,
        isakmp_nonce_print,
        isakmp_n_print,
        isakmp_d_print,
@@ -495,7 +499,7 @@ static char *isakmp_p_map[] = {
 };
 
 static char *ah_p_map[] = {
-       NULL, "md5", "sha", "1des",
+       NULL, "(reserved)", "md5", "sha", "1des",
 };
 
 static char *esp_p_map[] = {
@@ -755,6 +759,29 @@ isakmp_id_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
        return (u_char *)ext + ntohs(ext->len);
 }
 
+static u_char *
+isakmp_cert_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
+       u_int32_t doi0, u_int32_t proto0)
+{
+       struct isakmp_pl_cert *p;
+       static char *certstr[] = {
+               "none", "pkcs7", "pgp", "dns",
+               "x509sign", "x509ke", "kerberos", "crl",
+               "arl", "spki", "x509attr",
+       };
+
+       printf("%s:", NPSTR(ISAKMP_NPTYPE_CERT));
+
+       p = (struct isakmp_pl_cert *)ext;
+       printf(" len=%d", ntohs(ext->len) - 4);
+       printf(" type=%s", STR_OR_ID((p->encode), certstr));
+       if (2 < vflag && 4 < ntohs(ext->len)) {
+               printf(" ");
+               rawprint((caddr_t)(ext + 1), ntohs(ext->len) - 4);
+       }
+       return (u_char *)ext + ntohs(ext->len);
+}
+
 static u_char *
 isakmp_hash_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
        u_int32_t doi, u_int32_t proto)
@@ -769,6 +796,20 @@ isakmp_hash_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
        return (u_char *)ext + ntohs(ext->len);
 }
 
+static u_char *
+isakmp_sig_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
+       u_int32_t doi, u_int32_t proto)
+{
+       printf("%s:", NPSTR(ISAKMP_NPTYPE_SIG));
+
+       printf(" len=%d", ntohs(ext->len) - 4);
+       if (2 < vflag && 4 < ntohs(ext->len)) {
+               printf(" ");
+               rawprint((caddr_t)(ext + 1), ntohs(ext->len) - 4);
+       }
+       return (u_char *)ext + ntohs(ext->len);
+}
+
 static u_char *
 isakmp_nonce_print(struct isakmp_gen *ext, u_char *ep, u_int32_t phase,
        u_int32_t doi, u_int32_t proto)